trisulrp 2.2.8 → 3.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +2 -2
- data/Rakefile +3 -3
- data/VERSION +1 -1
- data/lib/trisulrp.rb +0 -2
- data/lib/trisulrp/protocol.rb +205 -121
- data/lib/trisulrp/trp.pb.rb +753 -775
- data/lib/trisulrp/trp.proto +688 -494
- data/trisulrp.gemspec +12 -13
- metadata +5 -6
- data/lib/trisulrp/utils.rb +0 -215
data/trisulrp.gemspec
CHANGED
|
@@ -1,17 +1,17 @@
|
|
|
1
|
-
# Generated by
|
|
1
|
+
# Generated by juwelier
|
|
2
2
|
# DO NOT EDIT THIS FILE DIRECTLY
|
|
3
|
-
# Instead, edit
|
|
3
|
+
# Instead, edit Juwelier::Tasks in Rakefile, and run 'rake gemspec'
|
|
4
4
|
# -*- encoding: utf-8 -*-
|
|
5
|
-
# stub: trisulrp
|
|
5
|
+
# stub: trisulrp 3.1.1 ruby lib
|
|
6
6
|
|
|
7
7
|
Gem::Specification.new do |s|
|
|
8
8
|
s.name = "trisulrp"
|
|
9
|
-
s.version = "
|
|
9
|
+
s.version = "3.1.1"
|
|
10
10
|
|
|
11
11
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
|
12
12
|
s.require_paths = ["lib"]
|
|
13
13
|
s.authors = ["vivek"]
|
|
14
|
-
s.date = "
|
|
14
|
+
s.date = "2016-08-02"
|
|
15
15
|
s.description = "This gem deals about the trisul remote protocol"
|
|
16
16
|
s.email = "vivek_rajagopal@yahoo.com"
|
|
17
17
|
s.extra_rdoc_files = [
|
|
@@ -32,7 +32,6 @@ Gem::Specification.new do |s|
|
|
|
32
32
|
"lib/trisulrp/protocol.rb",
|
|
33
33
|
"lib/trisulrp/trp.pb.rb",
|
|
34
34
|
"lib/trisulrp/trp.proto",
|
|
35
|
-
"lib/trisulrp/utils.rb",
|
|
36
35
|
"test/Demo_Client.crt",
|
|
37
36
|
"test/Demo_Client.key",
|
|
38
37
|
"test/cginfo.rb",
|
|
@@ -50,30 +49,30 @@ Gem::Specification.new do |s|
|
|
|
50
49
|
]
|
|
51
50
|
s.homepage = "http://github.com/vivekrajan/trisulrp"
|
|
52
51
|
s.licenses = ["MIT"]
|
|
53
|
-
s.rubygems_version = "2.
|
|
52
|
+
s.rubygems_version = "2.5.1"
|
|
54
53
|
s.summary = "trisul trp"
|
|
55
54
|
|
|
56
55
|
if s.respond_to? :specification_version then
|
|
57
56
|
s.specification_version = 4
|
|
58
57
|
|
|
59
58
|
if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
|
|
60
|
-
s.add_runtime_dependency(%q<
|
|
59
|
+
s.add_runtime_dependency(%q<protobuf>, [">= 0"])
|
|
61
60
|
s.add_development_dependency(%q<shoulda>, [">= 0"])
|
|
62
61
|
s.add_development_dependency(%q<bundler>, [">= 0"])
|
|
63
|
-
s.add_development_dependency(%q<
|
|
62
|
+
s.add_development_dependency(%q<juwelier>, [">= 0"])
|
|
64
63
|
s.add_development_dependency(%q<simplecov>, [">= 0"])
|
|
65
64
|
else
|
|
66
|
-
s.add_dependency(%q<
|
|
65
|
+
s.add_dependency(%q<protobuf>, [">= 0"])
|
|
67
66
|
s.add_dependency(%q<shoulda>, [">= 0"])
|
|
68
67
|
s.add_dependency(%q<bundler>, [">= 0"])
|
|
69
|
-
s.add_dependency(%q<
|
|
68
|
+
s.add_dependency(%q<juwelier>, [">= 0"])
|
|
70
69
|
s.add_dependency(%q<simplecov>, [">= 0"])
|
|
71
70
|
end
|
|
72
71
|
else
|
|
73
|
-
s.add_dependency(%q<
|
|
72
|
+
s.add_dependency(%q<protobuf>, [">= 0"])
|
|
74
73
|
s.add_dependency(%q<shoulda>, [">= 0"])
|
|
75
74
|
s.add_dependency(%q<bundler>, [">= 0"])
|
|
76
|
-
s.add_dependency(%q<
|
|
75
|
+
s.add_dependency(%q<juwelier>, [">= 0"])
|
|
77
76
|
s.add_dependency(%q<simplecov>, [">= 0"])
|
|
78
77
|
end
|
|
79
78
|
end
|
metadata
CHANGED
|
@@ -1,17 +1,17 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: trisulrp
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 3.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- vivek
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2016-08-02 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
|
-
name:
|
|
14
|
+
name: protobuf
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
17
|
- - ">="
|
|
@@ -53,7 +53,7 @@ dependencies:
|
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
54
|
version: '0'
|
|
55
55
|
- !ruby/object:Gem::Dependency
|
|
56
|
-
name:
|
|
56
|
+
name: juwelier
|
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
|
58
58
|
requirements:
|
|
59
59
|
- - ">="
|
|
@@ -101,7 +101,6 @@ files:
|
|
|
101
101
|
- lib/trisulrp/protocol.rb
|
|
102
102
|
- lib/trisulrp/trp.pb.rb
|
|
103
103
|
- lib/trisulrp/trp.proto
|
|
104
|
-
- lib/trisulrp/utils.rb
|
|
105
104
|
- test/Demo_Client.crt
|
|
106
105
|
- test/Demo_Client.key
|
|
107
106
|
- test/cginfo.rb
|
|
@@ -136,7 +135,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
136
135
|
version: '0'
|
|
137
136
|
requirements: []
|
|
138
137
|
rubyforge_project:
|
|
139
|
-
rubygems_version: 2.
|
|
138
|
+
rubygems_version: 2.5.1
|
|
140
139
|
signing_key:
|
|
141
140
|
specification_version: 4
|
|
142
141
|
summary: trisul trp
|
data/lib/trisulrp/utils.rb
DELETED
|
@@ -1,215 +0,0 @@
|
|
|
1
|
-
# = TrisulRP utility methods
|
|
2
|
-
#
|
|
3
|
-
# == Contains utility to print objects like flows, alerts
|
|
4
|
-
# and to resolve keys etc
|
|
5
|
-
#
|
|
6
|
-
|
|
7
|
-
# ==== TrisulRP::Utils
|
|
8
|
-
#
|
|
9
|
-
# Utility methods to help with
|
|
10
|
-
# * retrieving and printing objects
|
|
11
|
-
# * prints sessions / alerts if given an array of IDs
|
|
12
|
-
# * helper to resolve a key
|
|
13
|
-
#
|
|
14
|
-
#
|
|
15
|
-
module TrisulRP::Utils
|
|
16
|
-
|
|
17
|
-
# Print session (flow) details
|
|
18
|
-
#
|
|
19
|
-
# [conn] active TRP connection opened earlier
|
|
20
|
-
# [sessions] an array of SessionIDs or
|
|
21
|
-
# an array of slice:sid strings
|
|
22
|
-
#
|
|
23
|
-
# ==== Returns
|
|
24
|
-
# ==== Yields
|
|
25
|
-
# Nothing
|
|
26
|
-
#
|
|
27
|
-
# Prints details about the list of sessions (flows) passed
|
|
28
|
-
#
|
|
29
|
-
# ==== On error
|
|
30
|
-
def print_session_ids(conn,sessions)
|
|
31
|
-
all_sids = sessions.collect{ |ai| TRP::SessionID.new(
|
|
32
|
-
:slice_id => ai.slice_id,
|
|
33
|
-
:session_id => ai.session_id ) }
|
|
34
|
-
|
|
35
|
-
follow_up = TrisulRP::Protocol.mk_request(TRP::Message::Command::SESSION_ITEM_REQUEST,
|
|
36
|
-
:session_ids => all_sids)
|
|
37
|
-
|
|
38
|
-
TrisulRP::Protocol.get_response(conn,follow_up) do |resp|
|
|
39
|
-
resp.items.each do |item|
|
|
40
|
-
print_session_details(item)
|
|
41
|
-
end
|
|
42
|
-
end
|
|
43
|
-
end
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
# Print a SessionDetails object
|
|
47
|
-
#
|
|
48
|
-
# Use this to output session to screen
|
|
49
|
-
#
|
|
50
|
-
# [sess] a single SessionDetails object
|
|
51
|
-
#
|
|
52
|
-
# ==== Returns
|
|
53
|
-
# ==== Yields
|
|
54
|
-
# Nothing
|
|
55
|
-
#
|
|
56
|
-
# Pretty prints a single line session details
|
|
57
|
-
#
|
|
58
|
-
# ==== On error
|
|
59
|
-
def print_session_details(sess)
|
|
60
|
-
print "#{sess.session_id.slice_id}:#{sess.session_id.session_id} ".ljust(12)
|
|
61
|
-
print "#{Time.at(sess.time_interval.from.tv_sec)} ".ljust(26)
|
|
62
|
-
print "#{sess.time_interval.to.tv_sec-sess.time_interval.from.tv_sec} ".rjust(8)
|
|
63
|
-
print "#{sess.key1A.label}".ljust(28)
|
|
64
|
-
print "#{sess.key2A.label}".ljust(11)
|
|
65
|
-
print "#{sess.key1Z.label}".ljust(28)
|
|
66
|
-
print "#{sess.key2Z.label}".ljust(11)
|
|
67
|
-
print "#{sess.az_bytes}".rjust(10)
|
|
68
|
-
print "#{sess.za_bytes}".rjust(10)
|
|
69
|
-
print "#{sess.az_payload}".rjust(10)
|
|
70
|
-
print "#{sess.za_payload}".rjust(10)
|
|
71
|
-
print "#{sess.setup_rtt}".rjust(10)
|
|
72
|
-
print "#{sess.retransmissions}".rjust(10)
|
|
73
|
-
print "#{sess.tags}".rjust(10)
|
|
74
|
-
print "\n"
|
|
75
|
-
|
|
76
|
-
end
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
# Print the header column for sess details
|
|
80
|
-
#
|
|
81
|
-
# Use this to output session to screen
|
|
82
|
-
#
|
|
83
|
-
#
|
|
84
|
-
# ==== Returns
|
|
85
|
-
# ==== Yields
|
|
86
|
-
# Nothing
|
|
87
|
-
#
|
|
88
|
-
# Pretty prints a single line session details header w/ correct col widths
|
|
89
|
-
#
|
|
90
|
-
# ==== On error
|
|
91
|
-
def print_session_details_header
|
|
92
|
-
print "SID".ljust(12)
|
|
93
|
-
print "Start Time".ljust(26)
|
|
94
|
-
print "Dur ".rjust(8)
|
|
95
|
-
print "IP-A".ljust(28)
|
|
96
|
-
print "Port-A".ljust(11)
|
|
97
|
-
print "IP-Z".ljust(28)
|
|
98
|
-
print "Port-Z".ljust(11)
|
|
99
|
-
print "Fwd Bytes".rjust(10)
|
|
100
|
-
print "Rev Bytes".rjust(10)
|
|
101
|
-
print "Fwd Payld".rjust(10)
|
|
102
|
-
print "Rev Payld".rjust(10)
|
|
103
|
-
print "RTT".rjust(10)
|
|
104
|
-
print "Retrans".rjust(10)
|
|
105
|
-
print "Tags".rjust(10)
|
|
106
|
-
print "\n"
|
|
107
|
-
|
|
108
|
-
print "-"*11 + "+"
|
|
109
|
-
print "-"*25 + "+"
|
|
110
|
-
print "-"*7 + "+"
|
|
111
|
-
print "-"*27 + "+"
|
|
112
|
-
print "-"*10 + "+"
|
|
113
|
-
print "-"*27 + "+"
|
|
114
|
-
print "-"*10 + "+"
|
|
115
|
-
print "-"*9 + "+"
|
|
116
|
-
print "-"*9 + "+"
|
|
117
|
-
print "-"*9 + "+"
|
|
118
|
-
print "-"*9 + "+"
|
|
119
|
-
print "-"*9 + "+"
|
|
120
|
-
print "-"*9 + "+"
|
|
121
|
-
print "-"*9 + "+"
|
|
122
|
-
print "\n"
|
|
123
|
-
end
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
# Make key
|
|
128
|
-
#
|
|
129
|
-
# Convert an item into Trisul Key format.
|
|
130
|
-
#
|
|
131
|
-
# Example
|
|
132
|
-
#
|
|
133
|
-
# == Pass a hostname
|
|
134
|
-
# mk_trisul_key(conn,GUID_HOSTS,"www.trisul.org") => "D0.D1.01.EA"
|
|
135
|
-
# mk_trisul_key(conn,GUID_APPS,"https") => "p-01BB"
|
|
136
|
-
#
|
|
137
|
-
# == Pass a IP
|
|
138
|
-
# mk_trisul_key(conn,GUID_HOSTS,"192.168.1.5") => "C0.A8.01.05"
|
|
139
|
-
# mk_trisul_key(conn,GUID_APPS,"Port-443") => "p-01BB"
|
|
140
|
-
#
|
|
141
|
-
#
|
|
142
|
-
# [conn] active TRP connection opened earlier
|
|
143
|
-
# [guid] counter group id (eg hosts, apps, countries)
|
|
144
|
-
# [str] eg a resolved name (eg a host like www.blue.net)
|
|
145
|
-
#
|
|
146
|
-
# ==== Returns
|
|
147
|
-
# A string containing the key in Trisul format corresponding to the
|
|
148
|
-
# label passed in via ''str''
|
|
149
|
-
#
|
|
150
|
-
# ==== Yields
|
|
151
|
-
# Nothing
|
|
152
|
-
#
|
|
153
|
-
# ==== On error
|
|
154
|
-
def mk_trisul_key(conn,guid,str)
|
|
155
|
-
req = TrisulRP::Protocol.mk_request(TRP::Message::Command::SEARCH_KEYS_REQUEST,
|
|
156
|
-
:pattern => str,
|
|
157
|
-
:counter_group => guid,
|
|
158
|
-
:maxitems => 1)
|
|
159
|
-
|
|
160
|
-
resp = TrisulRP::Protocol.get_response(conn,req)
|
|
161
|
-
|
|
162
|
-
if resp.found_keys.size > 0
|
|
163
|
-
resp.found_keys[0].key
|
|
164
|
-
else
|
|
165
|
-
TrisulRP::Keys::make_key(str)
|
|
166
|
-
end
|
|
167
|
-
end
|
|
168
|
-
|
|
169
|
-
# Print alert details
|
|
170
|
-
#
|
|
171
|
-
# [conn] active TRP connection opened earlier
|
|
172
|
-
# [alerts] an array of AlertIDs
|
|
173
|
-
#
|
|
174
|
-
# ==== Returns
|
|
175
|
-
# ==== Yields
|
|
176
|
-
# Nothing
|
|
177
|
-
#
|
|
178
|
-
# Prints details about the list of alerts passed
|
|
179
|
-
#
|
|
180
|
-
# ==== On error
|
|
181
|
-
def print_alert_details(conn, alerts)
|
|
182
|
-
|
|
183
|
-
return if alerts.empty?
|
|
184
|
-
|
|
185
|
-
# retrieve details of alerts from server
|
|
186
|
-
follow_up = TrisulRP::Protocol.mk_request(TRP::Message::Command::ALERT_ITEM_REQUEST,
|
|
187
|
-
:alert_group => TrisulRP::Guids::AG_IDS,
|
|
188
|
-
:alert_ids => alerts.collect do |al|
|
|
189
|
-
TRP::AlertID.new(:slice_id => al.slice_id,
|
|
190
|
-
:alert_id => al.alert_id)
|
|
191
|
-
end
|
|
192
|
-
)
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
|
|
196
|
-
TrisulRP::Protocol.get_response(conn,follow_up) do | resp |
|
|
197
|
-
resolv_candidates = resp.items.collect { |item| [item.source_ip, item.source_port, item.destination_ip, item.destination_port,item.sigid] }
|
|
198
|
-
resolv_arr = resolv_candidates.transpose
|
|
199
|
-
sip_names = TrisulRP::Keys.get_labels_for_keys(conn,TrisulRP::Guids::CG_HOST, resolv_arr[0])
|
|
200
|
-
sport_names = TrisulRP::Keys.get_labels_for_keys(conn,TrisulRP::Guids::CG_APP, resolv_arr[1])
|
|
201
|
-
dip_names = TrisulRP::Keys.get_labels_for_keys(conn,TrisulRP::Guids::CG_HOST, resolv_arr[2])
|
|
202
|
-
dport_names = TrisulRP::Keys.get_labels_for_keys(conn,TrisulRP::Guids::CG_APP, resolv_arr[3])
|
|
203
|
-
sigid_names = TrisulRP::Keys.get_labels_for_keys(conn,TrisulRP::Guids::CG_ALERT_SIGNATURES, resolv_arr[4])
|
|
204
|
-
resp.items.each do |item|
|
|
205
|
-
print "#{Time.at(item.time.tv_sec)} "
|
|
206
|
-
print "#{sip_names[item.source_ip]}".ljust(28)
|
|
207
|
-
print "#{sport_names[item.source_port]}".ljust(11)
|
|
208
|
-
print "#{dip_names[item.destination_ip]}".ljust(28)
|
|
209
|
-
print "#{dport_names[item.destination_port]}".ljust(11)
|
|
210
|
-
print "#{sigid_names[item.sigid]}".rjust(10)
|
|
211
|
-
print "\n"
|
|
212
|
-
end
|
|
213
|
-
end
|
|
214
|
-
end
|
|
215
|
-
end
|